Archive

Data Security Standard

Our last post about “How does the US Government use Credit Cards?” was an basic introduction to give you an idea of the amounts of money the government has traditionally spent using traditional “Level-1” GSA SmartPay charge cards to pay contractors.

This post will discuss the fundamental changes taking place, which will soon be mandated, that your company should prepare for.  Contractors that want to remain successful must adopt the most efficient and cost-effective GSA-complainant technologies available.

The GSA SmartPay™ program is 23 years old (started in 1989 as the IMPAC program) and accounts for about $30 billion annually in transactions. Approximately $20 billion of that is with the small purchase card.

The SmartPay program saves the government money by avoiding paper-based procurement; it streamlines how front-line managers can access products and services; and the card providers (banks) rebate the government a percentage on the amount purchased. It makes the procurement easier for the federal cardholder and the vendor, a truly win-win scenario.As the SmartPay contract did not mandate Level-3 processing, GSA has added Level-3 processing as a requirement for some of the contracts recently awarded, especially the Strategic Sourcing BPAs on GSA Schedule. Further, SmartPay training programs for Federal cardholders emphasize that buyers should look for Level-3 processing from the vendors they purchase from.

Level-3 provides a more secure online purchase for both buyers and vendors, and it also provides a lower processing fee for the vendor. This makes the procurement more secure for the federal cardholder and the vendor, another truly win-win scenario. Level-3 will become a requirement for SmartPay, so get ahead of the curve. Get Level-3 compliant.

When it comes to accepting government purchasing cards, it’s time to leave the 20th century behind. 21st century technology is required to keep businesses both competitive and compliant with ever increasing regulations designed to reduce fraud.

What is Level-1, Level-2 and Level-3 processing?

Whether you are a consumer buying a new television or a salesperson taking a client out to lunch, the ability to use a credit card to pay is a convenient option. Once your card is swiped, certain information is processed and verified in order to accept payment and complete the purchase. Depending on the type of transaction, this data could be very basic or extremely detailed.  Transactions made through Level 3 processing require significantly more data than those processed at Level 1 or Level 2.

Who Uses Level 1 and 2 Processing:
Almost every business that accepts credit cards uses one of the first two levels of processing. Together, these two types of processing account for most of the business-to-consumer transactions that take place every day.

Levels 1 and 2 Processing:
The different levels of transaction determine the amount and type of information that is passed through the credit card processing network. Level 1 transactions are usually made by consumers with their personal credit cards, thus the information required to accept payment is basic: supplier name, transaction amount and date. Level 2 transactions require additional fields of information, such as sales tax amount and customer codes, and are often made with corporate purchase cards from a U.S. bank.

Who Uses Level 3 Processing:
Level 3 processing involves sending up to 12 fields of detailed data through the credit card processing network, including quantities, product codes and product descriptions. Such specific transaction information is mainly used for business-to-business, corporate and government purchases, providing business the ability to control and monitor purchases made on the company credit card.

What are the benefits of Level 3 processing?

With the additional fields required to qualify for Level 3 processing, businesses can monitor what kind of purchases are made on the company credit card, as well as how much is spent and where items are being purchased. Level 3 credit cards can also include restrictions, limiting the types of business at which an employee can make purchases and eliminating any inappropriate spending that might occur using the company card. Level 3 processing capabilities come with a lower processing rate than Levels 1 and 2, due to the amount of information that must be provided at the point of transaction.

  • Government purchasing cards can be processed with the same level of detail normally associated with an itemized invoice. This is known as Level 3 line-item transaction data.
  • When Level 3 technology is in place, a merchant can submit electronically to a government buyer complete transaction detail. This can automatically be entered into its accounting system and reviewed each day, thus providing for greater financial accountability.
  • To encourage merchant participation and support of purchasing card programs, Visa and MasterCard have created special interchange rates to reduce a merchant’s transaction costs whenever Level 3 line-item details is transmitted with the financial settlement.
  • In providing Level 3 data, a government contractor may substantially reduce their credit card processing fees – sometimes by up to 40%. This savings is available for any size purchasing card ticket. However, this savings can be further increased for contractors that process large tickets, by enrolling in the special “large ticket” program for the GSA SmartPay program.
  • Up until last year, only large ticket Visa transactions were eligible for the special reduced interchange rates. This is one reason why the great majority of government contractors have remained unaware of the tremendous savings they are missing in not having a merchant account with Level 3 technology.
  • Virtual terminal technology is now available that makes processing a Level 3 transaction much simpler and faster than in the past.
  • Some of the features associated with this new technology include the ability to do recurring billing; accept payment by electronic check; a feature called Secure Vault which stores cardholder data securely; automated online invoicing; shopping cart integration; and integration with a merchant’s accounting system.
  • The detailed real-time reporting tools available with the virtual terminal are especially useful for businesses that want to be able to closely monitor their transaction activity.
  • Visa and MasterCard have formulated regulations designed to reduce fraud.  Many businesses are not in compliance with these regulations, especially with regard to storage of cardholder data. Processing with the new virtual terminal technology insures that data is securely stored offsite and that the business is in PCI (Payment Card Industry) DSS (Data Security Standard) compliance.
    The lower rates and amount of control and tracking provided makes Level 3 processing an extremely useful credit card processing capability.

What is PCI DSS Compliance?
“PCI DSS” stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by the major credit card companies (VISA, MasterCard, Discover, American Express and JCB) in 2004 as a guideline to help organizations that process card payments prevent credit card fraud, hacking, and various other types of card security breaches. A company processing, storing, or transmitting card numbers must be PCI DSS compliant or they risk losing the ability to process credit card payments.

What if I don’t comply?
These new card data security standards come with serious consequences. Failure to comply with PCI-DSS requirements can result in stiff contractual penalties or sanctions from members of the payment card industry. These include:

  • Fines of $500,000 per data security incident
  • Fines of $50,000 per day for non-compliance with published standards
  • Liability for all fraud losses incurred from compromised account numbers
  • Liability for the cost of re-issuing cards associated with the compromise
  • Suspension of merchant accounts


What does Level-3 processing mean to my business?
GSA recommendations are moving in the direction of a Level-3 mandate.

There are two major objectives that government agencies have when it comes to budgetary concerns and transparency issues:

(1) Obtaining the lowest price possible from suppliers and (2) having the most detailed information returned from merchants when making purchases with the GSA SmartPay purchase card. These objectives can be met through “Level 3 Processing”. The increased desire for “Level 3 Processing” was evidenced in last year’s report on Point-Of-Sale Discounts for GSA SmartPay Cards where one of the main objectives listed was: “Introduce Level 3 Data as the reporting source to the Federal Strategic Sourcing Initiative (FSSI)”.

As referenced in the Value Propositions section of the report, Master Card and Visa have created special rates to support Purchase Card programs like GSA SmartPay by reducing the merchant transaction costs (interchange) if Level-3 line item detail information is transmitted with the card payment file. By providing Level-3 data, a supplier may reduce their credit card processing fees – often by 30% to 40%. In addition, the GSA Smartpay website states: Merchants that provide Level 3 transaction data are more attractive to Government agencies because the data enables agencies to keep track of their purchases more accurately.

Thus, government agencies are strongly encouraged to take into consideration whether a company can provide Level-3 line item detail when they select a supplier. With Level 3 data, agencies get a two-for-one: (1) lower processing costs that the supplier can pass on to the agencies as lower prices; (2) more detailed information on the purchases made.

Down the road, there may be even more incentive to look for Level 3-ready suppliers. A Senate committee has just approved the Government Charge Card Abuse Prevention Act.  This act will require federal agencies to put new safeguards and controls on government charge cards used by federal employees. Among these would be the utilization of effective systems, techniques, and technologies to prevent or catch fraudulent purchases. The bill will require penalties for violations.

Level 3 line item detail includes such data as item description, item quantity, item unit of measure, and item freight amount. Requiring this level of detail virtually insures that only authorized purchases will occur, significantly cutting down on fraud and abuse.

Federal employees who have control over their choice of suppliers are well advised to start asking them if they can provide Level-3 line item detail. Agencies will then be in the best position to garner the lowest prices, keep track of purchases more accurately, and get a jump on regulations that may ultimately require that they deal only with Level 3-ready suppliers.

Processing GSA SmartPay cards requires a more sophisticated technology platform to capture what Visa and MasterCard call Level 3 data. Level 3 data will allow the GSA SmartPay card to meet the Visa and MasterCard Interchange requirements and get lower rates associated with government purchasing cards.

GSA Schedule holders should also be aware that when the appropriate information is included in a Level 3 purchase, they are rewarded with lower processing rates which can be as much as 1.00%, if they are using our GSA-approved strategic partner as a provider.

In summary, GSA is moving toward mandating GSA Schedule holders to become Level-3 compliant.  Also, incorporating a Level 3 technology system can greatly simplify workflow and operations for the government contractor, while reducing their costs substantially, even to the point of offsetting the Industrial Funding Fee (IFF) or more and meet all PCI DSS Compliance regulations.

Our Federal Marketing Plan will not only help companies effectively market their goods and services to the right agency contracting office location, we will work hand-in-glove with our strategic partner to support your wish to achieve Level-3 transaction compliance.

Your Federal Marketing Plan will be an unique, competitive and customized resultants-driven solution for your company to make effective and successful communication to profitably market your products/services to the federal government.

We work with you as a partner and encourage your feedback during every step; from goal setting, through methods selection, to the final reports and marketing plan. We are effective and comfortable working with business owners, senior executives, marketing departments, non-profit committees, advertising, public relations and marketing firms or any other stakeholder in the project/company.

For a free, no-obligation consultation on how FCIS can help your company become Level-3 compliant, call us at (972) 843-1265. Or, email us at info@fedcontractintel.com

Additional Information:

  • The Federal Strategic Sourcing Initiative (http://www.gsa.gov/portal/content/112561), requiring that participants have the capability to capture and provide Level-3 data, has been initiated for the following business sectors:  Office Supply; Print Management; Wireless Telecommunications; Domestic Delivery Services.
  • Government entities, including the U.S. Army, are requiring that contractors be Level-3 compliant, even stipulating that contractors document this compliance before agreeing to do business with the companies.
  • Congress is moving toward passage of the Government Charge Card Abuse Prevention Act, requiring federal agencies to put new safeguards and controls on government charge cards. Requiring Level-3 line-item detail will virtually insure that only authorized government purchases will occur, significantly reducing fraud and abuse.
  • Supplier that provide Level-3 data may reduce their credit card processing fees, often by 30%- 40%. (www.gsa.gov/graphics/fas/PoSTDataTechnicalInfo.pdf).  Lowering contractor expense, in turn, fulfills GSA’s mission of lower government costs for SmartPay purchases.